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First Preliminary Amendment 

AMENDMENTS TO THE CLAIMS 

1. (original) A secret file access authorization system with fingerprint limitation 
comprising the components as follows: 

An authorization server provided with an authorization module, which provides a 
fingerprint template and an authorization secret key. 

An encryption server provided with an encryption module, which generates a 
decryption secret key by accepting the authorization secret key provided by the 
authorization module, and produces the encrypted secret files by encrypting the secret files 
to be encrypted. 

A certification server provided with an authorization module, which accepts the 
fingerprint template provided by the authorization module, accepts the decryption secret 
key provided by the encryption module and the authorization secret key claiming 
certification that is sent by the client, and judges and confirms providing the certified 
decryption secret key. 

At least one client machine, each is provided with a user module, which embeds the 
kernel encryption/decryption unit into the corresponding operation system kernel of the 
client, accepts the authorization secret key provided by the authorization module and the 
decryption secret key provided by the encryption module, sends the claiming certification 
respectively to certification module, opens the encryption/decryption unit with the certified 
authorization secret key and the certified decryption secret key which is returned after the 
certification module makes the certification,, and reads/writes the encrypted secret files. 
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2. (original) A secret file access authorization system with fingerprint limitation 
according to claim 1, the encryption server and the certification server are merged to 
constitute a system server, which is provided with the authorization module, the encryption 
module and the certification module. 

3. (original) A secret file access authorization system with fingerprint limitation 
according to claim 1 , the authorization server and the encryption server are merged to 
constitute an authorization-and-encryption server, which is provided with the authorization 
module and the encryption module. 

4. (original) A secret file access authorization system with fingerprint limitation 
according to claim 1 , the authorization server and the certification server are merged to 
constitute an authorization-and-certification server, which is provided with the authorization 
module and the certification module. 

5. (original) A secret file access authorization system with fingerprint limitation 
according to claim 1 , the encryption server and the certification server are merged to 
constitute an encryption-and-certification server, which is provided with the encryption 
module and the certification module. 

6. (Currently amended) A secret file access authorization system with fingerprint 
limitation according t o c l aim 1 5 claim 1 , the authorization module includes a password 
fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling 
unit, which are set in parallel, as well as the authorization unit that is linked with the said 
three units which are set in parallel respectively by the bidirectional programs; the 
authorization unit provides the authorization secret key; while the password fingerprint unit, 
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the environment fingerprint sampling unit and the time fingerprint sampling unit that are set 
in parallel provide the fingerprint template altogether. 

7. (original) A secret file access authorization system with fingerprint limitation 
according to claim 6, the authorization secret key is a binary string of a certain length. 

8. (original) A secret file access authorization system with fingerprint limitation 
according to claim 7, the authorization secret key can be put into the authorized entity. 

9. (original) A secret file access authorization system with fingerprint limitation 
according to claim 6, the fingerprint template is a binary string of a certain length. 

10. (Currently amended) A secret file access authorization system with fingerprint 
limitation according to c l aim 1 5 claim 1 , the encryption module includes the secret key 
generation unit and the encryption unit, which are linked in sequence by the programs; the 
secret key generation unit provides the decryption secret key after accepting the 
authorization secret key provided by the authorization module; the encryption unit accepts 
the input of secret files to be encrypted, and produces the encrypted secret files by using 
the decryption secret key provided by the secret key generation unit. 

1 1 . (original) A secret file access authorization system with fingerprint limitation 
according to claim 10, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the authorization secret key. 

12. (original) A secret file access authorization system with fingerprint limitation 
according to claim 10, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the decryption secret key and 
the authorization secret key at the same time. 
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13. (Currently amended) A secret file access authorization system with fingerprint 

limitation according to claim 1 5 claim 1 , the certification module includes an environment 

i 

fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint 

i 

certification unit set in parallel by accepting the fingerprint template provided by the 
authorization module; the certification interface unit linked with them by the bidirectional 
programs, which also accepts the decryption secret key provided by the encryption module 
and the certification secret key from the user module claiming certification respectively, 
and provides the certified decryption secret key for the user module. 

14. (Currently amended) A secret file access authorization system with fingerprint 
limitation according to c l aim 1 - 5 claim 1 , the user module includes the application unit, the 
kernel encryption/decryption unit and the input/output unit, which are linked in sequence by 
the bidirectional programs; as well as the authorization input unit, which accepts the 
authorization secret key and sends it into the kernel encryption/decryption unit; the kernel 
encryption/decryption unit provides the authorization secret key claiming certification for 
the certification module, and accepts the certified decryption secret key sent by the 
certification module; and the input/output unit is coupled with the encrypted secret files 
bidirectionally; the kernel encryption/decryption unit is embedded in the client operation 
system kernel. 

15. (original) A secret file access authorization system with fingerprint limitation 
according to claim 14, the client operation system can be Microsoft Windows 
95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE 
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embedded operation system or Mac OS or Sun OS, Novell netware and other server or 
network operation systems. 

16. (original) A secret file access authorization system with fingerprint limitation 
according to claim 14, the program used by the application unit can be Microsoft Office and 
its components or other desktop applications or embedded applications. 

17. (new) A secret file access authorization system with fingerprint limitation 
according to claim 2, the authorization module includes a password fingerprint unit, an 
environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in 
parallel, as well as the authorization unit that is linked with the said three units which are 
set in parallel respectively by the bidirectional programs; the authorization unit provides the 
authorization secret key; while the password fingerprint unit, the environment fingerprint 
sampling unit and the time fingerprint sampling unit that are set in parallel provide the 
fingerprint template altogether. 

18. (new) A secret file access authorization system with fingerprint limitation 
according to claim 3, the authorization module includes a password fingerprint unit, an 
environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in 
parallel, as well as the authorization unit that is linked with the said three units which are 
set in parallel respectively by the bidirectional programs; the authorization unit provides the 
authorization secret key; while the password fingerprint unit, the environment fingerprint 
sampling unit and the time fingerprint sampling unit that are set in parallel provide the 
fingerprint template altogether. 
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19. (new) A secret file access authorization system with fingerprint limitation 
according to claim 4, the authorization module includes a password fingerprint unit, an 
environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in 
parallel, as well as the authorization unit that is linked with the said three units which are 
set in parallel respectively by the bidirectional programs; the authorization unit provides the 
authorization secret key; while the password fingerprint unit, the environment fingerprint 
sampling unit and the time fingerprint sampling unit that are set in parallel provide the 
fingerprint template altogether. 

20. (new) A secret file access authorization system with fingerprint limitation 
according to claim 5, the authorization module includes a password fingerprint unit, an 
environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in 
parallel, as well as the authorization unit that is linked with the said three units which are 
set in parallel respectively by the bidirectional programs; the authorization unit provides the 
authorization secret key; while the password fingerprint unit, the environment fingerprint 
sampling unit and the time fingerprint sampling unit that are set in parallel provide the 
fingerprint template altogether. 

21. (new) A secret file access authorization system with fingerprint limitation 
according to claim 17, the authorization secret key is a binary string of a certain length. 

22. (new) A secret file access authorization system with fingerprint limitation 
according to claim 18, the authorization secret key is a binary string of a certain length. 

23. (new) A secret file access authorization system with fingerprint limitation 
according to claim 19, the authorization secret key is a binary string of a certain length. 
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24. (new) A secret file access authorization system with fingerprint limitation 
according to claim 20, the authorization secret key is a binary string of a certain length. 

25. (new) A secret file access authorization system with fingerprint limitation 
according to claim 21, the authorization secret key can be put into the authorized entity. 

26. (new) A secret file access authorization system with fingerprint limitation 
according to claim 22, the authorization secret key can be put into the authorized entity. 

27. (new) A secret file access authorization system with fingerprint limitation 
according to claim 23, the authorization secret key can be put into the authorized entity. 

28. (new) A secret file access authorization system with fingerprint limitation 
according to claim 24, the authorization secret key can be put into the authorized entity. 

29. (new) A secret file access authorization system with fingerprint limitation 
according to claim 17, the fingerprint template is a binary string of a certain length. 

30. (new) A secret file access authorization system with fingerprint limitation 
according to claim 18, the fingerprint template is a binary string of a certain length. 

31 . (new) A secret file access authorization system with fingerprint limitation 
according to claim 19, the fingerprint template is a binary string of a certain length. 

32. (new) A secret file access authorization system with fingerprint limitation 
according to claim 20, the fingerprint template is a binary string of a certain length. 

33. (new) A secret file access authorization system with fingerprint limitation 
according to claim 2, the encryption module includes the secret key generation unit and the 
encryption unit, which are linked in sequence by the programs; the secret key generation 
unit provides the decryption secret key after accepting the authorization secret key 
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provided by the authorization module; the encryption unit accepts the input of secret files to 
be encrypted, and produces the encrypted secret files by using the decryption secret key 
provided by the secret key generation unit. 

34. (new) A secret file access authorization system with fingerprint limitation 
according to claim 3, the encryption module includes the secret key generation unit and the 
encryption unit, which are linked in sequence by the programs; the secret key generation 
unit provides the decryption secret key after accepting the authorization secret key 
provided by the authorization module; the encryption unit accepts the input of secret files to 
be encrypted, and produces the encrypted secret files by using the decryption secret key 
provided by the secret key generation unit. 

35. (new) A secret file access authorization system with fingerprint limitation 
according to claim 4, the encryption module includes the secret key generation unit and the 
encryption unit, which are linked in sequence by the programs; the secret key generation 
unit provides the decryption secret key after accepting the authorization secret key 
provided by the authorization module; the encryption unit accepts the input of secret files to 
be encrypted, and produces the encrypted secret files by using the decryption secret key 
provided by the secret key generation unit. 

36. (new) A secret file access authorization system with fingerprint limitation 
according to claim 5, the encryption module includes the secret key generation unit and the 
encryption unit, which are linked in sequence by the programs; the secret key generation 
unit provides the decryption secret key after accepting the authorization secret key 
provided by the authorization module; the encryption unit accepts the input of secret files to 
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be encrypted, and produces the encrypted secret files by using the decryption secret key 
provided by the secret key generation unit. 

37. (new) A secret file access authorization system with fingerprint limitation 
according to claim 33, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the authorization secret key. 

38. (new) A secret file access authorization system with fingerprint limitation 
according to claim 34, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the authorization secret key. 

39. (new) A secret file access authorization system with fingerprint limitation 
according to claim 35, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the authorization secret key. 

40. (new) A secret file access authorization system with fingerprint limitation 
according to claim 36, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the authorization secret key. 

41 . (new) A secret file access authorization system with fingerprint limitation 
according to claim 33, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the decryption secret key and 
the authorization secret key at the same time. 

42. (new) A secret file access authorization system with fingerprint limitation 
according to claim 34, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the decryption secret key and 
the authorization secret key at the same time. 
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43. (new) A secret file access authorization system with fingerprint limitation 
according to claim 35, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the decryption secret key and 
the authorization secret key at the same time. 

44. (new) A secret file access authorization system with fingerprint limitation 
according to claim 36, the encryption unit accepts the input of the secret files to be 
encrypted, and produces the encrypted secret files by using the decryption secret key and 
the authorization secret key at the same time. 

45. (new) A secret file access authorization system with fingerprint limitation 
according to claim 2, the certification module includes an environment fingerprint 
certification unit, a password fingerprint certification unit, and a time fingerprint certification 
unit set in parallel by accepting the fingerprint template provided by the authorization 
module; the certification interface unit iinked with them by the bidirectional programs, which 
also accepts the decryption secret key provided by the encryption module and the 
certification secret key from the user module claiming certification respectively, and 
provides the certified decryption secret key for the user module. 

46. (new) A secret file access authorization system with fingerprint limitation 
according to claim 3, the certification module includes an environment fingerprint 
certification unit, a password fingerprint certification unit, and a time fingerprint certification 
unit set in parallel by accepting the fingerprint template provided by the authorization 
module; the certification interface unit linked with them by the bidirectional programs, which 
also accepts the decryption secret key provided by the encryption module and the 
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certification secret key from the user module claiming certification respectively, and 
provides the certified decryption secret key for the user module. 

47. (new) A secret file access authorization systeim with fingerprint limitation 
according to claim 4, the certification module includes an environment fingerprint 
certification unit, a password fingerprint certification unit, and a time fingerprint certification 
unit set in parallel by accepting the fingerprint template provided by the authorization 
module; the certification interface unit linked with them by the bidirectional programs, which 
also accepts the decryption secret key provided by the encryption module and the 
certification secret key from the user module claiming certification respectively, and 
provides the certified decryption secret key for the user module. 

48. (new) A secret file access authorization system with fingerprint limitation 
according to claim 5, the certification module includes an environment fingerprint 
certification unit, a password fingerprint certification unit, and a time fingerprint certification 
unit set in parallel by accepting the fingerprint template provided by the authorization 
module; the certification interface unit linked with them by the bidirectional programs, which 
also accepts the decryption secret key provided by the encryption module and the 
certification secret key from the user module claiming certification respectively, and 
provides the certified decryption secret key for the user module. 

49. (new) A secret file access authorization system with fingerprint limitation 
according to claim 2, the user module includes the application unit, the kernel 
encryption/decryption unit and the input/output unit, which are linked in sequence by the 
bidirectional programs; as well as the authorization input unit, which accepts the 
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authorization secret key and sends it into the kernel encryption/decryption unit; the kernel 
encryption/decryption unit provides the authorization secret key claiming certification for 
the certification module, and accepts the certified decryption secret key sent by the 
certification module; and the input/output unit is coupled with the encrypted secret files 
bidirectionally; the kernel encryption/decryption unit is embedded in the client operation 
system kernel. 

50. (new) A secret file access authorization system with fingerprint limitation 
according to claim 3, the user module includes the application unit, the kernel 
encryption/decryption unit and the input/output unit, which are linked in sequence by the 
bidirectional programs; as well as the authorization input unit, which accepts the 
authorization secret key and sends it into the kernel encryption/decryption unit; the kernel 
encryption/decryption unit provides the authorization secret key claiming certification for 
the certification module, and accepts the certified decryption secret key sent by the 
certification module; and the input/output unit is coupled with the encrypted secret files 
bidirectionally; the kernel encryption/decryption unit is embedded in the client operation 
system kernel. 

51 . (new) A secret file access authorization system with fingerprint limitation 
according to claim 4, the user module includes the application unit, the kernel 
encryption/decryption unit and the input/output unit, which are linked in sequence by the 
bidirectional programs; as well as the authorization input unit, which accepts the 
authorization secret key and sends it into the kernel encryption/decryption unit; the kernel 
encryption/decryption unit provides the authorization secret key claiming certification for 
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the certification module, and accepts the certified decryption secret key sent by the 
certification module; and the input/output unit is coupled with the encrypted secret files 
bidirectionally; the kernel encryption/decryption unit is embedded in the client operation 
system kernel. 

52. (new) A secret file access authorization system with fingerprint limitation 
according to claim 5, the user module includes the application unit, the kernel 
encryption/decryption unit and the input/output unit, which are linked in sequence by the 
bidirectional programs; as well as the authorization input unit, which accepts the 
authorization secret key and sends it into the kernel encryption/decryption unit; the kernel 
encryption/decryption unit provides the authorization secret key claiming certification for 
the certification module, and accepts the certified decryption secret key sent by the 
certification module; and the input/output unit is coupled with the encrypted secret files 
bidirectionally; the kernel encryption/decryption unit is embedded in the client operation 
system kernel. 

53. (new) A secret file access authorization system with fingerprint limitation 
according to claim 49, the client operation system can be Microsoft Windows 
95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE 
embedded operation system or Mac OS or Sun OS, Novell netware and other server or 
network operation systems. 

54. (new) A secret file access authorization system with fingerprint limitation 
according to claim 50, the client operation system can be Microsoft Windows 
95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE 
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embedded operation system or Mac OS or Sun OS, Novell netware and other server or 
network operation systems. 

55. (new) A secret file access authorization system with fingerprint limitation 
according to claim 51, the client operation system can be Microsoft Windows 
95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE 
embedded operation system or Mac OS or Sun OS, Novell netware and other server or 
network operation systems. 

56. (new) A secret file access authorization system with fingerprint limitation 
according to claim 52, the client operation system can be Microsoft Windows 
95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE 
embedded operation system or Mac OS or Sun OS, Novell netware and other server or 
network operation systems. 

57. (new) A secret file access authorization system with fingerprint limitation 
according to claim 49, the program used by the application unit can be Microsoft Office and 
its components or other desktop applications or embedded applications. 

58. (new) A secret file access authorization system with fingerprint limitation 
according to claim 50, the program used by the application unit can be Microsoft Office and 
its components or other desktop applications or embedded applications. 

59. (new) A secret file access authorization system with fingerprint limitation 
according to claim 51, the program used by the application unit can be Microsoft Office and 
its components or other desktop applications or embedded applications. 
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60. (new) A secret file access authorization system with fingerprint limitation 
according to claim 52, the program used by the application unit can be Microsoft Office and 
its components or other desktop applications or embedded applications. 
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